EFF Sovereign Keys: Security Concerns

TL;DR

The EFF’s Sovereign Keys proposal aims to give users more control over their encryption keys. While a good idea in principle, it introduces new security risks if not implemented carefully. This guide highlights potential weaknesses and offers practical steps for mitigation.

Understanding the Risks

Sovereign Keys proposes using a hardware security module (HSM) or secure enclave to protect encryption keys, with recovery managed through social recovery mechanisms. The main concerns revolve around:

• Key Backup & Recovery Complexity: Social recovery relies on trusted individuals. Compromise of enough co-signers defeats the purpose.
• HSM/Enclave Security: HSMs aren’t foolproof; vulnerabilities exist and can be exploited.
• Software Implementation Flaws: The software managing key access, backup, and recovery is a major attack surface.
• Usability Issues: Complex systems are harder to use securely – users will make mistakes.

Mitigation Steps

1. HSM/Enclave Selection & Hardening (Technical)
   • Choose a reputable vendor: Look for certifications like FIPS 140-2 Level 3 or Common Criteria.
   • Regular Firmware Updates: Keep the HSM firmware up to date with security patches.
   • Physical Security: Protect the HSM from physical tampering and theft.
   • Limited Access: Restrict access to the HSM to only necessary personnel/systems. Use strong authentication (multi-factor where possible).
2. Secure Software Development Practices (Technical)
   • Code Reviews: Thoroughly review all code related to key management and recovery.
   • Static & Dynamic Analysis: Use tools to identify potential vulnerabilities in the software. Example using bandit for Python:

     bandit -r ./source_code/key_management

   • Fuzzing: Test the software with invalid or unexpected inputs to uncover bugs.
   • Principle of Least Privilege: Grant only the minimum necessary permissions to each component.
3. Robust Social Recovery Implementation (Non-Technical & Technical)
   • Threshold Cryptography: Implement a threshold scheme requiring more than half of co-signers for recovery. This prevents single points of failure.
   • Co-signer Education: Educate co-signers about their responsibilities and the risks involved. Explain phishing attacks, social engineering, and key security best practices.
   • Regular Co-signer Rotation: Periodically rotate co-signers to reduce long-term risk.
   • Secure Communication Channels: Use end-to-end encrypted communication with co-signers (e.g., Signal).
4. Key Backup Security (Non-Technical & Technical)
   • Diversified Backups: Store backups in multiple, geographically diverse locations.
   • Encryption of Backups: Encrypt all key backups with a separate encryption key managed securely.
   • Offline Storage: Prefer offline storage for backups (e.g., air-gapped HSMs or secure cold storage).
5. Usability Testing & Simplification (Non-Technical)
   • User Research: Conduct usability testing with target users to identify pain points and areas for improvement.
   • Simplified Interface: Design a user interface that is intuitive and easy to understand.
   • Clear Instructions: Provide clear, concise instructions for key management and recovery.
6. Regular Security Audits (Technical)
   • Penetration Testing: Hire a third-party cybersecurity firm to conduct penetration testing of the entire system.
   • Code Audit: Conduct regular code audits to identify potential vulnerabilities.
   • Configuration Review: Regularly review the configuration of all systems involved in key management and recovery.

Ongoing Monitoring

cyber security is not a one-time fix. Continuously monitor for suspicious activity, update software, and adapt to new threats.